1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress promises patch for zero-day "within hours"

Discussion in 'CSO' started by RSS, Apr 27, 2015.

  1. RSS

    RSS New Member Member

    In a statement on Monday, Matt Mullenweg, founder of Automattic and lead developer of WordPress, said that developers are working to address a recently disclosed XSS vulnerability in the popular CMS platform.

    A patch is expected in the "coming hours."

    "The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly," Mullenweg said in a statement to Salted Hash.

    "It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don't use Akismet."

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page